Announcement Announcement Module
Collapse
No announcement yet.
Implementing WS Security selectively on @Endpoint Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Implementing WS Security selectively on @Endpoint

    Hi,

    I was playing around with Spring WS and i came across a problem..

    I have two methods defined in my @Endpoint. My intent is to apply WS security on one and not on the other.Can this be done?

    Reason tells me it can't because i defined the following for spring to detect all @Endpoints..

    HTML Code:
    <bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping">
    	
    	<property name="interceptors">
                <list>
                    <ref bean="wsSecurityInterceptor"/>
                </list>
            </property>
        </bean>  
    So, it would apply the security intereceptor on all the methods.Am i missing something here?

    If it can't be done what are the options ?

    Any pointers will be very helpful...

  • #2
    What we have done is to define two MessageDispatcherServlets in our web.xml,

    Code:
     
    <servlet>
       <servlet-name>unsecure-ws</servlet-name>
       <servlet-class>org.springframework.ws.transport.http.MessageDispatcherServlet</servlet-class>
    </servlet>
    <servlet>
       <servlet-name>ws</servlet-name>
       <servlet-class>org.springframework.ws.transport.http.MessageDispatcherServlet</servlet-class>
    </servlet>
    Then you can use different interceptors for your endpoints. The two contexts, ws-servlet.xml and unsecure-ws-servlet.xml will be loaded as child contexts to the root WebApplicationContext loaded by ContextLoaderListener, and willl suffer no bean namespace collisions.

    We have also extracted some common configuration to be loaded by ContextLoaderListener, e.g. the endpoint exception resolvers

    Regards,
    Paul

    Comment


    • #3
      Hi Paul

      WARNING: this is totally untried

      You could _possibly_ create a custom @Endpoint annotation (@SecureEndpoint?), and have another PayloadRootAnnotationMethodEndpointMapping (PRAMM) definition that consumes/looks-for this custom annotation as opposed to just the @Endpoint annotation. That way you can still have a single MDS, and you can specify the interceptors at the PRAMM level. The downside is that there is no setter on PRAMM to set the looked-for annotation, so you'll need to subclass it.

      'Abstract base for EndpointMapping implementations that map classes tagged with an annotation. By default the annotation is @Endpoint, but this can be overriden in subclasses.'

      Arjen will be able to confirm this for sure

      Cheers
      Rick

      Comment

      Working...
      X